CVE-2006-1626

Name of the Vulnerable Software and Affected Versions: Internet Explorer 6 for Windows XP SP2 and earlier

Description: A spoofing issue exists that could allow an attacker to display spoofed content in a browser window. The address bar and other parts of the trust UI can be displayed from trusted Web sites, but the content of the window contains the attacker's Web page. This can be achieved by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading.

Recommendations: For Internet Explorer 6 for Windows XP SP2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.